9.0 KiB
9.0 KiB
Jitsi Meet - Complete Video Conferencing Platform
🟡 Communication Service
📋 Service Overview
| Property | Value |
|---|---|
| Service Name | Jitsi Meet (Complete Stack) |
| Host | Atlantis (192.168.0.200) |
| Category | Communication |
| Difficulty | 🟡 |
| Docker Images | jitsi/web, jitsi/prosody, jitsi/jicofo, jitsi/jvb |
| Compose File | Atlantis/jitsi/jitsi.yml |
| Directory | Atlantis/jitsi |
| External Domain | meet.thevish.io |
🎯 Purpose
Jitsi Meet is a complete open-source video conferencing platform that provides secure, high-quality video calls and meetings. It includes web interface, XMPP server, conference focus, and video bridge components.
🌐 Port Forwarding Configuration
External Access (Router Port Forwards)
| Service | External Port | Internal Port | Protocol | Purpose |
|---|---|---|---|---|
| Jitsi Web | 4443 | 4443 | TCP | HTTPS web interface |
| STUN Server | 3478 | 3478 | All | NAT traversal for WebRTC |
| TURN Server | 5349 | 5349 | All | Relay for restricted networks |
| RTP Media | 49160-49200 | 49160-49200 | All | Media streams (40 port range) |
Internal Container Ports
| Component | Container Port | Host Port | Purpose |
|---|---|---|---|
| Jitsi Web | 80, 443 | 5080, 5443 | HTTP/HTTPS interface |
| JVB | 10000/udp | 10000/udp | Video bridge |
| Prosody | 5222, 5347 | Internal | XMPP server |
🚀 Quick Start
Prerequisites
- Docker and Docker Compose installed
- Port forwarding configured on router
- Domain name pointing to external IP
- SSL certificates (Let's Encrypt recommended)
Deployment
# Navigate to service directory
cd Atlantis/jitsi
# Start the complete Jitsi Meet stack
docker-compose up -d
# Check all services status
docker-compose ps
# View logs for all components
docker-compose logs -f
External Access
# Primary access URL
https://meet.thevish.io
# Alternative domain access
https://meet.vish.gg
# Direct port access (if needed)
https://meet.thevish.io:4443
🔧 Configuration
Docker Compose Services
Jitsi Web (Frontend)
web:
image: jitsi/web:stable
container_name: jitsi-web
ports:
- "5080:80" # HTTP (redirects to HTTPS)
- "5443:443" # HTTPS web interface
environment:
- PUBLIC_URL=https://meet.thevish.io
- ENABLE_P2P=0
- ENABLE_TURN=1
- TURN_HOST=turn.thevish.io
- TURN_PORT=3478
- DISABLE_HTTPS=0
Prosody (XMPP Server)
prosody:
image: jitsi/prosody:stable
container_name: jitsi-prosody
environment:
- XMPP_DOMAIN=meet.jitsi
- XMPP_AUTH_DOMAIN=auth.meet.jitsi
- XMPP_MUC_DOMAIN=muc.meet.jitsi
Jicofo (Conference Focus)
jicofo:
image: jitsi/jicofo:stable
container_name: jitsi-jicofo
environment:
- XMPP_DOMAIN=meet.jitsi
- XMPP_AUTH_DOMAIN=auth.meet.jitsi
- JICOFO_AUTH_USER=focus
JVB (Video Bridge)
jvb:
image: jitsi/jvb:stable
container_name: jitsi-jvb
ports:
- "10000:10000/udp" # Video bridge
environment:
- JVB_PORT=10000
- JVB_STUN_SERVERS=stun.l.google.com:19302
- DOCKER_HOST_ADDRESS=meet.thevish.io
Key Environment Variables
| Variable | Value | Description |
|---|---|---|
PUBLIC_URL |
https://meet.thevish.io |
External access URL |
DOCKER_HOST_ADDRESS |
meet.thevish.io |
Host address for WebRTC |
ENABLE_P2P |
0 |
Disable peer-to-peer (force through server) |
ENABLE_TURN |
1 |
Enable TURN server for NAT traversal |
TURN_HOST |
turn.thevish.io |
TURN server hostname |
TURN_PORT |
3478 |
TURN server port |
🌐 Network Architecture
External Access Flow
Internet → Router (Port Forward) → Atlantis → Docker Container
↓
Port 4443 → 192.168.0.200:5443 → jitsi-web:443
Port 3478 → 192.168.0.200:3478 → STUN/TURN server
Port 5349 → 192.168.0.200:5349 → TURN server
Port 49160-49200 → 192.168.0.200:49160-49200 → RTP media
Internal Container Network
meet.jitsi (Docker Network)
├── jitsi-web (Frontend)
├── jitsi-prosody (XMPP Server)
├── jitsi-jicofo (Conference Focus)
└── jitsi-jvb (Video Bridge)
🔒 Security Considerations
External Exposure Assessment
- ✅ High Security: HTTPS encryption on port 4443
- ✅ Standard Protocols: STUN/TURN are industry standard
- ⚠️ Media Ports: RTP range 49160-49200 exposed for media
- ✅ Authentication: Meeting rooms can be password protected
Security Recommendations
# 1. Enable meeting passwords
- Configure lobby mode for meetings
- Require passwords for sensitive meetings
- Use waiting rooms for additional control
# 2. Monitor access logs
- Review Nginx/web server logs regularly
- Monitor for unusual connection patterns
- Set up alerts for failed authentication attempts
# 3. Keep services updated
- Regular updates for all Jitsi components
- Monitor security advisories
- Implement automated security scanning
# 4. Network security
- Firewall rules for specific IP ranges if needed
- Consider VPN access for internal meetings
- Implement rate limiting on web interface
🚨 Troubleshooting
Common Issues
Can't Access Web Interface
# Check external access
curl -I https://meet.thevish.io
curl -I https://meet.vish.gg
# Verify port forwarding
nmap -p 4443 meet.thevish.io
# Check container status
docker-compose ps
docker-compose logs web
Video/Audio Not Working
# Check STUN/TURN servers
nmap -p 3478,5349 meet.thevish.io
# Verify RTP port range
nmap -p 49160-49200 meet.thevish.io
# Test WebRTC connectivity
# Use browser developer tools → Network tab
# Look for STUN/TURN connection attempts
Meeting Connection Issues
# Check JVB (Video Bridge) status
docker-compose logs jvb
# Verify XMPP server
docker-compose logs prosody
# Check conference focus
docker-compose logs jicofo
# Test internal connectivity
docker-compose exec web ping prosody
Performance Optimization
# Monitor resource usage
docker stats
# Check bandwidth usage
iftop -i eth0
# Optimize JVB settings for concurrent users
# Edit JVB configuration for higher capacity
📊 Resource Requirements
Recommended Resources
- Minimum RAM: 4GB total for all components
- Recommended RAM: 8GB+ for production use
- CPU: 4+ cores for multiple concurrent meetings
- Network: High bandwidth for media streaming
- Storage: 10GB+ for logs and configuration
Scaling Considerations
- Small meetings (2-4 people): Default configuration sufficient
- Medium meetings (5-15 people): Increase JVB memory allocation
- Large meetings (15+ people): Consider multiple JVB instances
- Enterprise scale: Implement Jitsi cluster with load balancing
🔍 Health Monitoring
Service Health Checks
# Check all components
docker-compose ps
# Test web interface
curl -f https://meet.thevish.io/config.js
# Verify XMPP server
docker-compose exec prosody prosodyctl status
# Check video bridge
curl -f http://localhost:8080/colibri/stats
Monitoring Metrics
- Active meetings: Number of concurrent conferences
- Participant count: Total users across all meetings
- Bandwidth usage: Network utilization for media streams
- CPU/Memory: Resource consumption per component
- Connection success rate: WebRTC connection establishment
🌐 Integration with Homelab
Tailscale Access
# Internal access via Tailscale
https://atlantis.tail.vish.gg:5443
# Secure admin access
https://atlantis.tail.vish.gg:5080/admin
Reverse Proxy Integration
# If using Nginx Proxy Manager or Traefik
# Configure reverse proxy for clean URLs
# Handle SSL termination at proxy level
# Load balance multiple Jitsi instances
Monitoring Integration
# Prometheus metrics (if enabled)
http://atlantis.tail.vish.gg:8080/metrics
# Grafana dashboard
# Import Jitsi Meet dashboard for monitoring
# Set up alerts for service failures
📚 Additional Resources
- Official Documentation: Jitsi Meet Handbook
- Docker Hub: Jitsi Docker Images
- Community: Jitsi Community Forum
- Security Guide: Jitsi Security Best Practices
🔗 Related Services
- Prosody: XMPP server component
- Jicofo: Conference focus component
- JVB: Video bridge component
- Nginx: Reverse proxy for web interface
- Coturn: STUN/TURN server (if separate)
This documentation covers the complete Jitsi Meet platform including external access configuration and port forwarding requirements.
Last Updated: 2025-11-17
Configuration Source: Atlantis/jitsi/jitsi.yml
External Access: https://meet.thevish.io